Validation error problems

Every reference to "Validation Show If (filename) (prior Version)" has a red exclamation mark by it in every page generated by Create Security Pages wizard.

Please advise how to get rid of, or prevent them from happening in the first place.
There are 8 in forgotpassword.php, 8 in userupdate.php, 10 in registration, and 2 in login, making a total of 28.

sounds like you have conflicting extensions installed.

see this thread for details on extensions that may be causing the conflict:
showthread.php?t=24005

I already worked out that the words "(old version)" indicated that I should remove the totally newly installed validator. So I did it, and it completely killed Dreamweaver. After another wasted half hour I fixed that problem, re ran the setup, installed the extension again and ran "create security pages."

Inspection of the code generated showed multiple identical server behaviours which caused a loop in the redirect script.


So I deleted the additional server behaviours, and that got rid of the loop.
It now takes the input and always redirects the login page to the "wrong password or email address page."
And there are 4 more pages to sort.

Not a happy bunny, having expected to have a login system up and running in an hour at the most.

How about a set of example settings for a the four pages, that just get the basics working?

At least then one would have some code that works for comparison and no doubt it would save a lot of work for the forum?

;if you run the security assist wizard multiple times, it will add multiple server behaviors to the list, the wizard is a tool for creating the pages. to modify them after they are created, you need to edit the server behaviors that are applied.

how have you set up the registration?
are you using encryption for the password?
Did you select to use one of the preset databases?
or to use your own?

I dont think a set of sample pages would be much help because of the number of different options that can be selected when setting up the wizard, it would be highly unlikely that the sample pages would match your pages.

1. How have I set up the registration and did I use my own:

I had my own database which already had its own working registration system on it, but I used a different directory to set up the SA version, using the same database. Registration works fine and all the info is now stored in the database.

2. For the moment I am not using encryption for the password, as it makes life easier to just look at the database to find what it is. If I get a working system then I will add the encryption to it later. I assume that this is possible.

I did not use the pages manager as I have 120 pages to secure for one reason or another, each needing access using levels (groups) username and password. I don't want to enter names into the groups panel as there are likely to be hundreds of them, so the process of allocating group status will be farmed out to editors world wide, leaving me just to group them as "editors" in my database.

The biggest problem with this system, is that the documentatiuon does not tell you what is wanted at most points, or how it works, which is why I asked for samples. If I understand what is supposed to be happening then I can make it work.

Just simple examples like

1. How to set up a pasword that is a minimum 6 characters long, 3 of which may be (but do not have to ) be numbers. Not possible as far as I can see.

2. Where to go in the system to set a page like the login page to go to a specific page if logged in successfully - or is the system supposed to log people in and then they find their way to a page by clicking a menu? At the moment. All I get is a numb message that I am logged in and the same page re-displayed.

3. How to change an error message permanently and save it in the preset.

These are the sort of problems that become annoying. I have played with this thing now for about 20 hours and got precious little of it working at all.

  1. How to set up a pasword that is a minimum 6 characters long, 3 of which may be (but do not have to ) be numbers. Not possible as far as I can see.  

in the security assist wizard, go to the Manage pages tab, and click the pencil edit icon for the Configure Field settings option.


for the password field, you can make changes to the validation to change the Min and Max characters, the min and max letters, number s and specials.


to change this after the pages have been created, you need to edit the spry validation settings for the password field.

in design view, select the password field, Notice the blue bounding box that will appear around the field, click on that edit the spry settings. open the property inspector, you can set the all of the same minimums and maximums there.

you will also need to edit the Server Validation server behavior to edit the Entry Length validation for the passwrod field. Open the server behaviors panel, double click the Server Validation server behavior select the entry length validation and click the edit button to make changes.

  2. Where to go in the system to set a page like the login page to go to a specific page if logged in successfully - or is the system supposed to log people in and then they find their way to a page by clicking a menu? At the moment. All I get is a numb message that I am logged in and the same page re-displayed.  

on the login page, open the server behaviors panel and double click the Security Assist Authenticate user server behavior, you will be able to set the success and failure redirect options here.

  3. How to change an error message permanently and save it in the preset.  

unfortunately, the error messages cannot be changed in the wizard and saved a s a preset.

Thankyou. That is now fixed, but it was easier at this stage to delete all the files and change the values in the preset.

I now have more problems:
I have a rule called "is treasurer" that states
restrict if <?php echo $_SESSION['level'] <> "treasurer";?>
allow if <?php echo $_SESSION['level'] = "treasurer";?>

The idea being only to show the tab if the user is a treasurer.

This rule is applied to a tabbed panels tab to control a show region behaviour as follows:

<?php if(WA_Auth_RulePasses("is treasurer")){ // Begin Show Region ?>
<li class="TabbedPanelsTab" tabindex="0">Treasurers</li>
<?php } // End Show Region ?>

This fails because the login page does not send a value for the session variable $_SESSION['level'] as is proved by running the statement <?php session_start() ;Print_r($_SESSION); ?>, on the landing page, the output of which is:

Array ( [WAENCRYPTEDRETURNUSED] => [WAENCRYPTEDRETURNSUCCESS] => [SecurityAssist_usr_id] => 49 ) even though the session box shows the Session ['level'] is available , it is obviously not set.


The page to which the login page redirects did not have a recordset containing the user's level, so I used the SecurityAssist_usr_id session variable to select the level of the user in a new record set, and changed the rule as follows:

restrict if "treasurer" <> <?php echo $row_levelset['level']; ?> (do not show the panel if the level is not equal to the string "treasurer")

allow if "treasurer" = <?php echo $row_levelset['level']; ?> (show the panel if the level is equal to the string "treasurer" )

I tried it with all variations of inverted commas around the word treasurer with the same results. No matter what level of user I select, the region does not show even when the page prints the value of the level variable as being "treasurer".
I thought that the idea should work, but cannot determine why it does not.


Questions:
1.Is it not possible to set the session['level'] variable + others in the login page. If so, how?

3. How do the groups work? The system show how to create groups, but I cannot see how to use them, much less how to compare them with a the group that a user could belong to that has to be in a database.

Sorry to be a pain, but it is really a problem.

1. After I deleted all sessions in my tmp directory, the script worked as it should, using code like
allow if treasurer = <?php echo $_SESSION['level']; ?>

2. Groups - the secret it seems is to set up groups of groups like one, two, three, oneandtwo, notoneandtwo.

oneandtwo has groups one and two in it
notoneandtwo has all the groups that are not in group oneandtwo i.e. in this example, group three

Then you set up a rule that says:
Allow if <?php echo $_SESSION['level']; ?> is in oneandtwo -allows groups one and two
restrict <?php echo $_SESSION['level']; ?> is in notoneandtwo. - restricts group three


Set up a hidden region on the part of the page that you wish to hide and apply both the rules above to it.

That should hide the area to group three.
In this case you could also just say restrict if session variable is in three, but its better to have the inverse as well, in case you add some more groups that could complicate the logic.
If there was a criteria "not in group", you would save some code but there isn't.
Took a long time but I got there in the end.

glad to here you have figured it out.